[9864] in cryptography@c2.net mail archive
Re: private-sector keystroke logger...
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Nov 27 18:48:00 2001
Message-ID: <3C041B42.43D16B6B@algroup.co.uk>
Date: Tue, 27 Nov 2001 23:01:22 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: pasward@big.uwaterloo.ca
Cc: "Jay D. Dyson" <jdyson@treachery.net>,
Cryptography List <cryptography@wasabisystems.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

pasward@big.uwaterloo.ca wrote:
>
> Jay D. Dyson writes:
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > On Tue, 27 Nov 2001 pasward@big.uwaterloo.ca wrote:
> >
> > > > > Hrm, how about a worm with a built-in HTTP server that installs itself
> > > > > on some non-standard port, say TCP/28462 (to pick one at random)?
> > > >
> > > > Craftier still, backdoor an existing service that behaves normally
> > > > until it receives a few specially-crafted packets, then it opens a high
> > > > port for direct login or data retrieval.
> > >
> > > Neither of these will get past a firewall on an uncompromised machine.
> >
> > While I didn't enumerate the service that could be backdoored, I
> > do believe Eric Murray hit the nail on the canonical head when he
> > mentioned that such a beastie could target the firewall's configuration,
> > forcing it to relax its stance enough to allow the automated intrusion
> > agent plenty of latitude to conduct its business.
>
> I am assuming a firewall on a separate machine, which simply does not
> allow incoming connections to the Windows boxes, and constrains the
> outgoing connections. I do not claim that this prevents all covert
> loss of data, but it constrains the options, and certainly does not
> permit the described backdoor to work.

Yeah right - so it sets up an outgoing connection to some webserver to
pass on the info. Firewall that.

Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
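
Added example, not part of the original message or thread: a small first-match policy model of the separate-machine firewall discussed above. It shows that a port-based egress rule refuses both inbound scenarios yet admits the outgoing web connection, and how a destination allow-list (an assumption, not something proposed in the thread) changes that verdict. Host names, port 40000 and both rule sets are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

@dataclass(frozen=True)
class Flow:
    direction: str  # "in" or "out", relative to the protected Windows hosts
    dst_host: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                             # "allow" or "deny"
    direction: str
    ports: Optional[FrozenSet[int]] = None  # None matches any port
    hosts: Optional[FrozenSet[str]] = None  # None matches any destination

    def matches(self, f: Flow) -> bool:
        return (self.direction == f.direction
                and (self.ports is None or f.dst_port in self.ports)
                and (self.hosts is None or f.dst_host in self.hosts))

def decide(policy: List[Rule], flow: Flow) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action
    return "deny"

WEB = frozenset({80, 443})
APPROVED = frozenset({"updates.example.com"})  # constructed allow-list

# Policy described in the thread: no inbound, constrained outbound.
PORT_ONLY = [Rule("deny", "in"), Rule("allow", "out", ports=WEB)]
# Assumed tightening: outbound web only to approved destinations.
DEST_ALLOWLIST = [Rule("deny", "in"),
                  Rule("allow", "out", ports=WEB, hosts=APPROVED)]

# Constructed flows, one per scenario raised in the thread.
FLOWS: Dict[str, Flow] = {
    "inbound to TCP/28462": Flow("in", "desktop.internal.example", 28462),
    "inbound to opened high port": Flow("in", "desktop.internal.example", 40000),
    "outbound web, unknown server": Flow("out", "collector.example.net", 80),
    "outbound web, approved server": Flow("out", "updates.example.com", 443),
}

def evaluate(policy: List[Rule]) -> Dict[str, str]:
    return {name: decide(policy, flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, policy in (("port-only", PORT_ONLY), ("allow-list", DEST_ALLOWLIST)):
        print(label, evaluate(policy))
```

An allow-list narrows where data can be sent but does not inspect what is sent, so traffic to an approved destination still passes.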